CVSS: 7.8 • EPSS: 0% • CPEs: 8 • EXPL: 0

23 Oct 2023 — The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. • https://access.redhat.com/errata/RHSA-2024:0113 • CWE-416: Use After Free

CVSS: 7.5 • EPSS: 0% • CPEs: 14 • EXPL: 0

17 Oct 2023 — An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path. • https://access.redhat.com/errata/RHSA-2023:5701 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-36: Absolute Path Traversal

CVSS: 7.7 • EPSS: 0% • CPEs: 6 • EXPL: 1

13 Oct 2023 — A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. • https://access.redhat.com/errata/RHSA-2023:7712 • CWE-693: Protection Mechanism Failure

CVSS: 10.0 • EPSS: 7% • CPEs: 7 • EXPL: 1

12 Oct 2023 — A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR, LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, a client can send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connect... • https://access.redhat.com/errata/RHSA-2023:6209 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.8 • EPSS: 4% • CPEs: 11 • EXPL: 0

11 Oct 2023 — A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function u... • https://access.redhat.com/errata/RHSA-2023:6209 • CWE-400: Uncontrolled Resource Consumption

CVSS: 6.8 • EPSS: 1% • CPEs: 7 • EXPL: 0

11 Oct 2023 — A vulnerability was discovered in Samba that allows SMB clients to truncate files, even with read-only permissions, when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions che... • https://access.redhat.com/errata/RHSA-2023:6209 • CWE-276: Incorrect Default Permissions

CVSS: 7.8 • EPSS: 94% • CPEs: 444 • EXPL: 17

10 Oct 2023 — The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. ... • https://github.com/imabee101/CVE-2023-44487 • CWE-400: Uncontrolled Resource Consumption

CVSS: 6.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

09 Oct 2023 — A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. • https://access.redhat.com/errata/RHSA-2024:2394 • CWE-125: Out-of-bounds Read

CVSS: 7.1 • EPSS: 0% • CPEs: 8 • EXPL: 0

06 Oct 2023 — A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. • http://www.openwall.com/lists/oss-security/2024/02/08/4 • CWE-345: Insufficient Verification of Data Authenticity

CVSS: 7.8 • EPSS: 1% • CPEs: 5 • EXPL: 0

06 Oct 2023 — A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the heap and result in a Denial of Service. • https://access.redhat.com/errata/RHSA-2023:5484 • CWE-770: Allocation of Resources Without Limits or Throttling • CWE-789: Memory Allocation with Excessive Size Value